Order & project status lookup
Plan: Pro and Custom. Who's this for: anyone whose visitors ask "where is my order?" or "what is the status of my project?" — and who has a backend system that already knows the answer. Where this lives: AI Agents → Order Status Connector in your dashboard sidebar.
TL;DR
Connect your existing order or project backend to your agent, and visitors can ask "where is order #1234?" in the chat. The agent calls your endpoint with the order reference, your endpoint replies with the status, and the agent reads it back to the visitor. We never store the order data — your backend stays the source of truth.
You need:
- An HTTPS endpoint on your side that accepts a
POSTrequest and returns a tiny JSON response. - The Coffield.io dashboard for your tenant.
- The Pro plan or higher.
What problem does this solve?
Visitors constantly ask three questions you don't want to answer by hand:
"Where is my order?" "Has my project been scheduled?" "When is my technician arriving?"
These questions have one thing in common: the answer already exists in your backend. You don't need an AI to guess — you need it to look up the truth in your system and read it back.
That's exactly what the order status connector does.
How does it work?
- A visitor types "What's the status of order ORD-9842?" into your agent.
- The agent recognizes that it needs to look up an order and calls your endpoint.
- Your endpoint replies with a short JSON blob like
{"ok": true, "status": "shipped", "summary": "Out for delivery — arrives Tuesday"}. - The agent reads it back in plain language: "Your order is out for delivery and should arrive Tuesday."
We sign every request with HMAC so you can prove it's really us. We never cache the response — every visitor question is a fresh lookup.
How do I set this up?
- Sign in to your dashboard.
- Open AI Agents → Order Status Connector in the left navigation.
- Click New Order Status Connector.
- Pick the provider — for now, the only choice is Generic HTTPS endpoint (HMAC-signed).
- Paste your endpoint URL (must start with
https://—http://is blocked for safety). - (Recommended) Click the Generate button next to Signing secret to mint a 64-character secret. Copy it now — you'll paste it into your backend so your endpoint can verify our signature.
- Choose what your endpoint can answer:
- Order lookups — for retail / e-commerce style references (orders, shipments, deliveries)
- Project lookups — for service-business references (jobs, projects, tickets)
- Save.
That's it. Your agent will start using the connector on the next conversation.
What does my endpoint need to return?
Your endpoint will receive a POST with this JSON body:
{
"kind": "order", // or "project"
"reference": "ORD-9842", // exactly what the visitor typed
"context": {}, // optional verification data the visitor supplied (e.g. email, zip)
"tenant_id": 42
}
Reply with one of two shapes — success or failure.
Success response
{
"ok": true,
"status": "shipped",
"summary": "Out for delivery — arrives Tuesday",
"details": {
"carrier": "UPS",
"tracking": "1Z999AA10123456784"
}
}
| Field | Required | What it does |
|---|---|---|
ok |
Yes | Must be true for a successful lookup. |
status |
Yes | A short machine-readable status (e.g. shipped, in_progress, scheduled). |
summary |
Yes | One sentence the agent reads back to the visitor verbatim. |
details |
No | Any extra structured data the agent may incorporate into a follow-up answer. |
Failure / "not found" response
{
"ok": false,
"error_code": "not_found",
"message": "We can't find an order with that reference."
}
| Field | Required | What it does |
|---|---|---|
ok |
Yes | Must be false. |
error_code |
Yes | One of: not_found, unauthorized, invalid_reference, receiver_error. |
message |
No | A human-friendly explanation the agent may pass to the visitor. |
How do I prove the request came from Coffield.io?
Every request we send carries an X-Coffield-Signature header. Verify it before trusting the body. Here's a six-line PHP example:
$body = file_get_contents('php://input');
$sig = $_SERVER['HTTP_X_COFFIELD_SIGNATURE'] ?? '';
$expected = 'sha256=' . hash_hmac('sha256', $body, $YOUR_SIGNING_SECRET);
if (! hash_equals($expected, $sig)) {
http_response_code(401); exit;
}
Same pattern works in Node, Python, Ruby — compute HMAC-SHA256(body, signing_secret), prefix with sha256=, and compare in constant time.
What headers do you send?
| Header | Value |
|---|---|
Content-Type |
application/json |
User-Agent |
CoffieldAgentLookup/1.0 |
X-Coffield-Tenant-Id |
Your tenant ID (lets you scope to the right backend) |
X-Coffield-Lookup-Kind |
order or project |
X-Coffield-Timestamp |
Unix epoch seconds — reject requests older than 5 minutes if you want extra replay protection |
X-Coffield-Signature |
sha256=<hex> of the raw request body |
What if my endpoint is slow or down?
We give your endpoint an 8-second timeout (configurable). If we don't get a reply in that window, the agent tells the visitor "I wasn't able to look that up right now" and offers to take a message instead.
| Situation | Agent says |
|---|---|
Your endpoint returns {"ok": false, "error_code": "not_found"} |
"I couldn't find an order with that reference. Could you double-check?" |
Your endpoint returns HTTP 5xx or times out |
"Our order system is having trouble right now. Would you like me to take a message?" |
Your endpoint returns HTTP 401/403 |
(same as above — we treat it as an unrecoverable backend error) |
Every failure is logged on the connector's dashboard row (look for the Last failure reason column) so you can see what your endpoint actually returned.
Which tiers can use this?
The order status connector requires the Pro plan or higher. Visitors on Starter and Growth tenants will get a friendly "this feature isn't enabled" response from the agent if they ask for an order lookup.
Can I have more than one connector?
Today: one active connector per tenant. That keeps lookups predictable — every visitor question hits the same backend. If you have multiple backends, you can route inside your own endpoint based on the reference prefix (e.g. ORD-* vs PROJ-*).
What if I don't have a backend API?
The order status connector assumes you already have a system that knows order status. If you don't — or if your data lives in spreadsheets, email threads, or a tool without a public API — please contact support. We may be able to suggest a no-code bridge (Zapier, Make.com) or queue it for a vendor-specific provider (Shopify, ServiceTitan, Jobber are on the roadmap).
Related pages
- Outbound webhooks — push events out of Coffield.io to your tools (the opposite direction).
- External integrations & MCP tokens — let outside agents call into your workspace.
- HubSpot CRM (Pro) — one-click CRM connector.